Headlines were recently rocked by a ruling from the European Court of Human Rights (ECHR), deeming that a Romanian company was within its rights to access personal messages that one of its employees had sent on his work Yahoo Messenger account.
The employee was dismissed after the firm discovered he had been sending messages to his brother and fiancé during working hours. Company policy stated that the internet was for work access only.
After losing his case in the Romanian domestic courts, he appealed to the ECHR, claiming his privacy rights had been breached, but the judges ruled that the firm was justified in its actions.
Since the ruling, questions have been circulating as to what level of privacy employees can expect when it comes to using their work devices to send personal messages.
WHAT DOES THE RULING MEAN FOR THE UK?
While British courts are obliged to take the decisions of the ECHR into consideration, domestic rulings are not ultimately bound by wider European precedents. What happens in one case might not necessarily be the same in Britain.
In the UK, the Information Commissioner’s Office (ICO) is an independent authority that is responsible for upholding the privacy rights of the public. The ICO ensures the implementation of the Data Protection Act, which is the primary source for outlining what employees can expect from their employers in regards to access to personal information.
WHAT ARE MY PRIVACY RIGHTS AT WORK?
In the interest of both the employer and the employee, monitoring is an expected aspect of any workplace, to ensure quality, security and safety. Some employers may choose to make routine checks, such as email or internet history sweeps, to ensure there is no adverse activity taking place.
However, as the ICO outlines in the Employment Practices Code, while employers are within their rights to monitor workers, employees are also entitled to a degree of privacy.
The Data Protection Act states that employees must be notified that their communications are being monitored and that consent must be given. This might include access to emails, messages on company phones and internet search history.
This is probably something a worker will come across in their initial contract of employment, perhaps without paying much attention to it.
In regards to an employer reading personal information that is being shared across devices, the ICO states that “any adverse impact of monitoring on individuals must be justified by the benefits to the employer and others.”
This means that, if an employer is going to access personal information on an employee’s work-issued device without informing them first, they must have a reason for doing so that outweighs any intrusion into the private life of the employee. They also must be able to justify their reasons in accordance with the Data Protection Act alongside the Lawful Business Practice Regulations.
HOW CAN I PROTECT MY PRIVACY AS AN EMPLOYEE?
It is important to make sure you are completely aware of your employer’s conditions and rules when it comes to using work devices for personal use. Make sure you pay close attention to what you agree to when signing any privacy protection documents.
By familiarising yourself with the policy, and knowing the correct person to speak to if you have any questions, you can take steps to be sure that your personal information is safe.
Andy Cullwick, Head of Marketing at First4lawyers, says: “An employee using the property of their employer should be mindful. However at the same time employers need to check they have the right processes and policies in place so that it is clear to employees where they stand, and therefore employees don’t fear being monitored unreasonably by their bosses.”
WHAT SHOULD YOU EXPECT FROM YOUR EMPLOYER?
When it comes to monitoring communications, employers should provide an up-to-date policy for workers, clarifying the regulations for using work devices. This should be reviewed regularly to accommodate any changes in circumstances.
There should also be an appropriate contact in place, who is familiar with the Data Protection Act, to ensure that the policy is fair and implemented correctly.
Andy Cullwick adds: “If it is clear what your company considers acceptable in terms of using work devices there will be no ambiguity between employers and employees, and therefore there should be nothing to be fearful of.”
Any monitoring that takes place must be clearly outlined in a company agreement that has been consented by the employee, or else justified accordingly with the Data Protection Act.
If you are clear on your employer’s expectations of when and what you use work devices for, and you make sure to comply accordingly, you shouldn’t have anything to worry about when it comes to keeping your personal information private.
If you believe your rights have been infringed upon, contact us for help.